Add a new hostapd configuration parameter sae_password_file to read SAE
passwords (i.e., the entries that use the previously added sae_password
parameter) from a separate file.
sae_password_file uses the following format for storing passphrases:
Jouni Malinen [Thu, 21 Dec 2023 17:44:32 +0000 (19:44 +0200)]
PASN: Select the latest available BSS entry for a BSSID
This is needed to work around some issues that show up mainly in testing
scenarios when the same BSSID might be used with different
configurations and the scan results from the driver might include both
the old and new contents when two different SSIDs are used.
MLD STA: Update SAE PWE derivation in hunting-and-pecking loop case
Use AP MLD address instead of BSSID for PWE derivation during MLO
connection. This was already done for H2E in commit e869fdfeefa5
("wpa_supplicant: Use MLD address in SAE authentication"). While IEEE
P802.11be requires H2E to be used, there are deployed AP MLDs that do
not follow that requirement. This change to the hunting-and-pecking loop
case is needed for interoperability workarounds with such APs.
Currently while deciding to create a new Multiple BSSID element based on
the condition when the length reaches 255, the length value being used
is the total element length (including the length of the Element ID and
Length fields as well). However, the value in the length field denotes
the number of octets following it and excluding itself. Hence including
the total length is wrong. This leads to incorrect count of Multiple
BSSID elements.
And while filling the data, the length is considered porperly as it
should be hence we are filling more data in a single go and all data is
filled in MBSSID count which is less than originally calculated. This
ultimately leads to incorrect length calculation during nla_put() and
setting the beacon to the driver fails while putting the Multiple BSSID
element data into the netlink socket buffer.
Fix this issue by considering the length excluding the Element ID and
Length field sizes.
Share VLAN info in RRB when the driver advertises support for VLAN
offload (WPA_DRIVER_FLAGS_VLAN_OFFLOAD). sta->vlan_desc is unused in
this case, only sta->vlan_id is used. Skip the checks that are based on
sta->vlan_desc.
Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
Jouni Malinen [Wed, 20 Dec 2023 19:30:00 +0000 (21:30 +0200)]
tests: Add more time for the Presence Announcements to be received
The previous timeout allowed only a single chirping round, and sometimes
not even that full round. That resulted in test failures for cases where
there was not really any incorrect behavior.
Jouni Malinen [Wed, 20 Dec 2023 17:21:52 +0000 (19:21 +0200)]
tests: Clean up PSK protocol tests to avoid issues
Stop dev[0] from trying to associate at the end of the test case to
reduce risk for leaving out some pending operations that could mess up
the following test case.
Jouni Malinen [Wed, 20 Dec 2023 16:21:10 +0000 (18:21 +0200)]
tests: Make flush_scan_cache() more robust
Handle the cases where the first attempt to start scan fails due to an
ongoing scan. Stop such scan and try again instead of failing the test
case immediately.
Jouni Malinen [Wed, 20 Dec 2023 10:46:05 +0000 (12:46 +0200)]
tests: Do not check TX status in dpp_qr_code_auth_neg_chan
This avoids race conditions with UML time-travel where some cases ended
up not reporting the DPP-TX-STATUS event and that resulted in discarding
events that are more important to verify for correct behavior.
Jouni Malinen [Tue, 19 Dec 2023 11:49:15 +0000 (13:49 +0200)]
tests: Wait for the dpp_init_enrollee_pkex thread to complete
One of the sigma_dut testing cases missed the t.join() call to make
surte the separate thread terminated. This could result in confusing
"unexpected stdout output" in a middle of an unrelated test case.
Jouni Malinen [Tue, 19 Dec 2023 11:03:20 +0000 (13:03 +0200)]
tests: Make p2p_service_discovery_restart more robust
Stop and restart P2P_FIND on dev[1] to avoid timing issues where the
wait on dev[1] makes the test case fail even though this was trying to
verify that dev[0] is reacting quickly enough.
Jouni Malinen [Mon, 18 Dec 2023 23:09:22 +0000 (01:09 +0200)]
nl80211: Remove send_and_recv_msgs()
This helper is of no real use anymore, so get rid of it. This completes
send_and_recv*() cleanup. What remains is the most generic
send_and_recv() and two wrappers for it to cover the most common simpler
cases.
Jouni Malinen [Mon, 18 Dec 2023 23:00:23 +0000 (01:00 +0200)]
nl80211: Add send_and_recv_cmd() helper
This is a variant for the most common case of send_and_recv() needs:
send a command without needing a special response handling. In addition,
move the helper functions into driver_nl80211.h since these are now
simple wrappers for the more flexible send_and_recv().
Jouni Malinen [Mon, 18 Dec 2023 22:20:16 +0000 (00:20 +0200)]
nl80211: Move control port attribute adding into more accurate location
This is independent of the NL80211_ATTR_SOCKET_OWNER use, so add these
attributes from a separate helper function that is called only from
locations that actually start an operation that uses EAPOL frames.
Jouni Malinen [Mon, 18 Dec 2023 21:45:09 +0000 (23:45 +0200)]
nl80211: Use bss->nl_connect unconditionally
Doing this based on driver support for control port RX or SAE seems like
undesired extra complexity. Just use this in all cases where the special
handle for a longer term operation, like connection or AP mode
operation, is needed.
Jouni Malinen [Mon, 18 Dec 2023 19:41:32 +0000 (21:41 +0200)]
nl80211: Use socket cb instead of global->nl_cb in send_and_recv()
This is a step towards cleaning up all the workarounds that have showed
up over the years and made the design difficult to understand. This
removes use of the separate registration of process_bss_event() as
NL_CB_VALID for the individual commands since the use of the appropriate
cb (i.e., the one from nl80211_init_bss() in these cases) will already
point to the correct handler.
Jouni Malinen [Mon, 18 Dec 2023 19:08:26 +0000 (21:08 +0200)]
nl80211: Accept NL80211_CMD_FRAME events in global context
This is a workaround for some race conditions where the hardcoded use of
global->nl_cb in send_and_recv() ends up getting events delivered
through unexpected context when they happen to arrive at the time when a
command is being processed.
Jouni Malinen [Mon, 18 Dec 2023 15:12:30 +0000 (17:12 +0200)]
tests: Make p2p_channel_avoid* more robust
Terminate the group explicitly before cleanup to avoid a race condition
between an automatically started scan to find the GO again and the scan
started to clear the scan cache.
Jouni Malinen [Mon, 18 Dec 2023 15:00:55 +0000 (17:00 +0200)]
tests: Avoid a race condition in DPP retry validation
Wait a bit to allow stopping of the DPP_LISTEN operation to be completed
before issuing the DPP_QR_CODE command that would send the frame that
these test cases expect to not get ACKed.
Jouni Malinen [Sun, 17 Dec 2023 19:55:10 +0000 (21:55 +0200)]
AP MLD: More careful checking of Multi-Link element length fields
Avoid potential read of one or two octets beyond the end of the
subelement when verifying that there is sufficient amount of data
included in each subelement/element within the MLE in Association
Request frames.
Jouni Malinen [Sun, 17 Dec 2023 19:53:52 +0000 (21:53 +0200)]
AP MLD: Skip unknown Multi-Link element subelements
Instead of rejecting the Multi-Link element, skip unknown subelements to
be less likely to cause interop issues for future. IEEE P802.11be/D5.0
allows other optional subelements to be included here.
Jouni Malinen [Sun, 17 Dec 2023 15:02:34 +0000 (17:02 +0200)]
tests: More robust sigma_dut_dpp_qr_mutual_init_enrollee_pending
Wait some time between the first DPP Authentication Response that
indicates the response is not yet available and the second DPP
Authentication Response to make this sequence a bit more realistic and
less likely to hit race conditions with UML time-travel.
Jouni Malinen [Sun, 17 Dec 2023 12:09:57 +0000 (14:09 +0200)]
Split ap_sta_set_authorized() into two steps
This function is both updating the hostapd-internal sta->flags value and
sending out the AP-STA-CONNECTED control interface message. When
authorizing a STA, the call to this function is followed by a driver
command to update the flags of the STA entry in the driver. That has a
race condition at least for UML time-travel since the AP-STA-CONNECTED
event is used as a message to wait for before running a connectivity
test or some other operation that depends on the data connection being
in working condition.
Split the function into two steps so that the driver STA entry update
can be done between those two steps for the cases where it matters for
the race condition. In other words, send the AP-STA-CONNECTED message
only after having authorized the STA in the driver.
Jouni Malinen [Sun, 17 Dec 2023 10:10:13 +0000 (12:10 +0200)]
PKCS#1: Do not use pointer value after freeing
The check for extra data was not dereferencing the pointer, but avoid
complaints about such uses by freeing the decrypted data only after the
check. The hexdump could have read freed memory, so that needs to be
before the freeing.
Fixes: 54ac6ff8c4a2 ("PKCS 1: Add function for checking v1.5 RSA signature") Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 17 Dec 2023 09:51:35 +0000 (11:51 +0200)]
TDLS: Avoid unnecessary copying of the Link Identifier element
This memcpy was causing warnings from static analyzers since it is being
misinterpreted as copying all the data into the lnkid.bssid[] array
instead of that and the following arrays. Since the copy is not needed
at all, just use the original pointer to get rid of these warnings.
Jouni Malinen [Sat, 16 Dec 2023 22:12:59 +0000 (00:12 +0200)]
More consistent sta pointer checks in handle_assoc()
Verify that sta is not NULL before calling
hostapd_process_assoc_ml_info() that references this parameter. In
theory, sta might be NULL here if addition of the STA entry failed in
the 60 GHz case.
Jouni Malinen [Sat, 16 Dec 2023 22:02:43 +0000 (00:02 +0200)]
ACS: Check whether iface->current_mode is NULL before use
This line seemed to trigger SIGSEGV in some code coverage testing cases.
It is not exactly clear how that was possible, but just in case, check
that iface->current_mode is set before using it here.
Jouni Malinen [Sat, 16 Dec 2023 17:44:16 +0000 (19:44 +0200)]
AP MLD: Do not schedule disconnection on BSS TM Request link removal
If the BSS TM Request for imminent BSS temoval is for a non-AP MLD that
has multiple affiliated links, do not schedule full disconnection since
other links remain associated.
Jouni Malinen [Sat, 16 Dec 2023 17:45:33 +0000 (19:45 +0200)]
WNM: Accept link removal BSS TM Request
Instead of rejecting the request, accept it since the AP MLD is in
control of which links are available and we are not being fully
disconnected in this case.
Ilan Peer [Wed, 13 Dec 2023 14:04:10 +0000 (16:04 +0200)]
WNM: Handle BTM request with Link Removal Imminent field set to 1
Based on IEEE P802.11be/D5.0, when a station is non-AP MLD with more
than one link the combination of the Link Removal Imminent field set to
1 and the BSS Termination Included field set to 1 means than only one of
the links is removed while the other links will remains associated.
Handle this case without starting a scan to find another BSS.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Vinayak Yadawad [Fri, 15 Dec 2023 12:09:27 +0000 (17:39 +0530)]
Handle PMKSA flush in the driver for SAE/OWE offload cases
For wpa_supplicant based SAE/OWE connection, the wpa_supplicant state
machine is aware of the PMKID created for a connection and this gets
removed when "REMOVE_NETWORK all" is called. However, when SAE/OWE
offload is enabled, wpa_supplicant is not aware of the PMKID generated
by the driver/firmware. So add PMKSA del indication to the driver from
remove_network context so that the driver can free PMKs associated with
the SSID.
Michael-CY Lee [Thu, 14 Dec 2023 02:08:47 +0000 (10:08 +0800)]
hostapd: Check the bridge if ioctl SIOCBRADDIF fails
If ioctl() returns EBUSY on the command SIOCBRADDIF, the interface might
have already been added to the bridge by an external operation (e.g.,
netifd in OpenWrt), and linux_br_add_if() should not indicate an error.
Check whether the interface is correctly brigded when ioctl()
returns EBUSY and if so, report success.
Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
Benjamin Berg [Wed, 13 Dec 2023 12:37:40 +0000 (14:37 +0200)]
Use the link BSSID to resolve current BSS for whether to roam check
Otherwise any new scan result (even manual ones if they do not set
use_id=X to a non-zero value), can cause a reconnect to the same BSS
when MLO is used. This is because the current BSS is not detected by
wpa_supplicant_need_to_roam() and it assumes that roaming is needed.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ilan Peer [Tue, 12 Dec 2023 16:56:31 +0000 (18:56 +0200)]
AP: Fix setting MLD Parameters subfield in RNR element
In case the TBTT information is reporting about an AP in the same AP MLD
as the current AP, the AP MLD ID in the MLD Parameters subfield should
be set to 0.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Jouni Malinen [Thu, 14 Dec 2023 18:59:42 +0000 (20:59 +0200)]
Fix HE enabling for IBSS and mesh
Earlier refactoring of ibss_mesh_setup_freq() ended up dropping the case
where HE would be enabled without VHT on the 2.4 GHz band. Add that back
to allow HE to be used on 2.4 GHz with IBSS and mesh.
hostapd configuration file update using control interface
Add support for reload_config hostapd_cli command as an alternative
mechanism for SIGHUP on the hostapd process.
When AP parameters such as ssid/encryption/password etc. are changed
externally in hostapd.conf, RELOAD_CONFIG cli will re-read the .conf,
update the in-memory contents and issue a change_beacon to update
beacon_ies.
For full config update, the following example sequence of commands can
be used:
Jouni Malinen [Thu, 14 Dec 2023 10:13:20 +0000 (12:13 +0200)]
tests: Increase timeout in go_neg_forced_freq_diff_than_bss_freq
It can take significant amount of time to find the peer in this type of
a case where an AP connection is forced on a different channel while
going through p2p_find on both devices.
Jouni Malinen [Thu, 14 Dec 2023 09:09:53 +0000 (11:09 +0200)]
tests: Wait longer in sigma_dut_ap_dpp_relay before timing out
DPP initiator will try three channels in this sequence and it can take
very close to the previously used five second timeout before being able
to try on the actual operating channel of the AP. This could result in
the test case failing unnecessarily. Increase the timeout to avoid this.
Jouni Malinen [Thu, 14 Dec 2023 09:02:12 +0000 (11:02 +0200)]
tests: Wait for group key handshake before testing Michael MIC failure
Avoid potential race condition in ap_cipher_tkip_countermeasures_ap by
sending the first test frame only after the AP has completed processing
the 4-way handshake and also wait a bit to allow the group key handshake
to be completed.
Johannes Berg [Tue, 12 Dec 2023 08:07:15 +0000 (09:07 +0100)]
tests: Reset WARN_ON_ONCE() state in the kernel
If a tests hits a WARN_ON_ONCE then the retriggering will make it appear
to pass, since the warning will not happen again. Make this more
reliable by resetting the states at the beginning of each test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 12 Dec 2023 08:07:02 +0000 (09:07 +0100)]
tests: Query carrier before data test
The kernel has an asynchronous work to enable TX, which hasn't always
run by the time we get to TX tests. Do a sysfs read from the carrier
file before TX, on newer kernels this synchronises the needed state.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Sun, 10 Dec 2023 19:38:46 +0000 (21:38 +0200)]
tests: Skip memory read errors in read_process_memory()
It looks like the lifetime_in_memory test cases can hit a read failure
(Errno 5 - Input/output error) every now and then, so skip memory areas
that report that, but go through all readable process memory.
DFS: Change vht_capab according to user requested bandwidth
There are different CHAN_SWITCH flows for DFS and non-DFS channels.
Non-DFS one saves previous BW value in iface->conf, but DFS flow
replaces it with a new user requested value. Setting a non-DFS channel
after a DFS one with BW = 160 would have resulted in a mismatch between
the saved BW and vht_capab (if VHT160 was not included by default). This
would have led to a check fail in the hostapd_set_freq_params()
function.
Jouni Malinen [Sun, 10 Dec 2023 09:33:19 +0000 (11:33 +0200)]
tests: Wait for AP/GO event in addition to STA
Wait for AP/GO to complete processing before taking the next step in a
test instead of waiting just for STA. This avoids race conditions with
UML time-travel.
Jouni Malinen [Sun, 10 Dec 2023 14:32:35 +0000 (16:32 +0200)]
tests: Avoid race condition in ap_no_auth_ack
Avoid race condition with TX status reporting for the broadcast
Deauthentication frame. This could be delivered after the SET command
for ext_mgmt_frame_handled=1 and as such, could result in an
MGMT-TX-STATUS event that would confuse the next step in the test.
Jouni Malinen [Sun, 10 Dec 2023 10:37:58 +0000 (12:37 +0200)]
tests: Clear STA state at the end of ap_ft_reassoc_proto
Do not leave dev[0] in state where it is waiting for
NL80211_CMD_ASSOCIATE to complete since that might deliver an
ASSOC_TIMED_OUT event to the next test case.
Jouni Malinen [Sun, 10 Dec 2023 09:23:28 +0000 (11:23 +0200)]
P2P: Recover from successfully requested, but not started, listen
It is possible for the start_listen() callback to be called to request
the driver to start a driver operation and stop_listen() called
immediately after that (e.g., due to a request to transmit a P2P Public
Action frame) before the driver has had time to start ROC and send an
event to notify of that. Such a sequence could result in
p2p->pending_listen_freq being left to a nonzero value without getting a
call to p2p_listen_cb() to clear it. This would stop an ongoing P2P
listen operation since no following p2p_listen() call would start the
listen due to the pending command being assumed to be in effect.
Fix this by detecting this particular sequence and clearing
p2p->pending_listen_freq.
This was found with the p2p_listen_and_offchannel_tx test case with the
new kernel scheduled and UML time-travel.
Jouni Malinen [Sun, 10 Dec 2023 08:50:32 +0000 (10:50 +0200)]
tests: Make dpp_two_initiators more robust
This test case has a race condition between the first and second
initiated DPP exchange. New kernel scheduling with UML time-travel is
making the first exchange complete before the first one can be started.
Making this fully robust would likely need ext_mgmt_frame_handling=1 and
more complex test script, but as an initial workaround, split URI
parsing from dev[2] to happen before dev[1] is started so that only a
single DPP_AUTH_INIT command is needed during the race window.
In addition, detect the race condition and SKIP the test instead of
reporting FAIL.
Jouni Malinen [Sat, 9 Dec 2023 11:04:14 +0000 (13:04 +0200)]
tests: Wait for hostapd event in addition to wpa_supplicant
Wait for hostapd to complete processing before taking the next step in a
test instead of waiting just for wpa_supplicant. This avoids race
conditions with UML time-travel.
Jouni Malinen [Sat, 9 Dec 2023 14:48:27 +0000 (16:48 +0200)]
tests: Wait a bit after radio work start in dpp_listen()
Even though the radio work has started here, kernel might not have
started ROC (i.e., the REMAIN_ON_CHANNEL event has not yet been
received). Wait a bit to increase likelihood of everything being ready
for the following DPP operation.
projects / thirdparty / hostap.git / log
